﻿<?php
session_start();
include "connectsql.php";

//  表单提交后... 
$REQUEST = $_REQUEST; 
//  清除一些空白符号 
foreach ($REQUEST as $key => $value) { 
	$_REQUEST[$key] = trim($value); 
}

if (isset($REQUEST["reg"])) {
	$regflag = $REQUEST["reg"];
} else {
	mysqli_close($link);
	die (ECHO_NO_REGFLAG);
}

if (isset($REQUEST["name"])) {
	$controlname = $REQUEST["name"];
	if ($controlname == "") {
		mysqli_close($link);
		die (ECHO_NO_INPUTNAME);
	} 	
}	else {
	mysqli_close($link);
	die (ECHO_NO_INPUTNAME);
}

if ($regflag == FLAG_LOGIN || $regflag == FLAG_CHANGE || $regflag == FLAG_REG) {
	if (isset($REQUEST["passwd"])) {
		$password = $REQUEST["passwd"];
		if ($password == "") {
			mysqli_close($link);
			die (ECHO_NO_INPUTPASSWORD);
		} 		
	}	else {
		if ($regflag == FLAG_CHANGE) {
			if (isset($REQUEST["leaderid"])) {
				$leaderid = $REQUEST["leaderid"];
				if ($leaderid == "") {
					mysqli_close($link);
					die (ECHO_NO_INPUTPASSWORD);
				} 	
			}	else {
				mysqli_close($link);
				die (ECHO_NO_INPUTPASSWORD);
			}					
		} else {
			mysqli_close($link);
			die (ECHO_NO_INPUTPASSWORD);
		}
	}
}

if ($regflag == FLAG_LOGIN || $regflag == FLAG_CHANGE || $regflag == FLAG_DEL) {
	if ($regflag == FLAG_LOGIN) {
		$password = md5($controlname.$password.$controlname);
		$sql = "select * from ".DB_MANAGER_TAB." where `managername` = '".$controlname."' and `password` = '".$password."'";
		//  取得查询结果
		if ($query = mysqli_query($link, $sql)) {
			$num_rows = mysqli_num_rows($query);
			if ($num_rows != 1) {
				mysqli_free_result($query);
				mysqli_close($link);
				die (ECHO_ERROR_NAME_OR_PASSWORD);
			}
			$row = mysqli_fetch_assoc($query);
			mysqli_free_result($query);
			$id = $row["id"];
			$power = $row["powertype"];
			$leaderid = $row["leaderid"];
			if ($power == 65535 && $leaderid == 0) {
				// 注册登陆成功的 admin 变量，并赋值 true 
				$_SESSION["ceo"] = true; 
				$_SESSION["manager"] = $controlname;
				$sql = "select * from ".DB_MANAGER_TAB." where `leaderid` = '".$id."'";
				//  取得查询结果
				if ($query = mysqli_query($link, $sql)) {
					$showtxt = $id.";;".$power.";;childmanagerstart:";
					$num = 0;
					while ($row = mysqli_fetch_assoc($query)) {
						$childmanagername = $row["managername"];
						$childmanagerpower = $row["powertype"];			
						if ($num != 0)
							$showtxt .= ";;";
						$showtxt .= $childmanagername.",,".$childmanagerpower;
						$num++;
					}
					$showtxt .= ":childmanagerover";
					echo $showtxt;
					mysqli_free_result($query);
				} else {
					mysqli_close($link);
					die (ECHO_MYSQL_ERROR_QUERY_TABLE_TO_FIND);
				}
			} else if ($power != 65535 && $leaderid != 0) {
				$sql = "select * from ".DB_MANAGER_TAB." where `id` = '".$leaderid."'";
				if ($query = mysqli_query($link, $sql)) {
					if ($num_rows == 1) {
						$row = mysqli_fetch_assoc($query);
						$_SESSION["ceo"] = true;
						$_SESSION["manager"] = $row["managername"];
						echo $leaderid.";;".$power;
					} else {
						echo "error";
					}
					mysqli_free_result($query);
				} else {
					mysqli_close($link);
					die (ECHO_MYSQL_ERROR_QUERY_TABLE_TO_FIND);
				}
			}
		} else {
 			echo "error";
		}
	} else if ($regflag == FLAG_CHANGE) {
		if (isset($REQUEST["newpasswd"])) {
			$newpassword = $REQUEST["newpasswd"];
			if ($newpassword == "") {
				mysqli_close($link);
				die (ECHO_NO_INPUTNEWPASSWORD);
			} 		
		}	else {
			mysqli_close($link);
			die (ECHO_NO_INPUTNEWPASSWORD);
		}		
		
		if (isset($leaderid) == true) {//超级用户修改子用户的密码，需要涉及到power权限，并且不需要知道子用户的密码
			if (isset($REQUEST["power"])) {
				$power = $REQUEST["power"];
				if ($power == "") {
					mysqli_close($link);
					die (ECHO_NO_POWERTYPE);
				}	 	
			}	else {
				mysqli_close($link);
				die (ECHO_NO_POWERTYPE);
			}
			$newpassword = md5($controlname.$newpassword.$controlname);
			$sql = "update ".DB_MANAGER_TAB." set `password` = '".$newpassword."', `powertype` = '".$power."' where `managername` = '".$controlname."' and `leaderid` = '".$leaderid."'";
			if (mysqli_query($link, $sql)) {
			} else {
				mysqli_close($link);
				die(ECHO_MYSQL_ERROR_QUERY_TABLE_TO_CHANGE);
			}
		} else {//子用户修改自己的密码，无法修改自己的power权限，并且一定要密码
			$password = md5($controlname.$password.$controlname);
			$sql = "select * from ".DB_MANAGER_TAB." where `managername` = '".$controlname."' and `password` = '".$password."'";
			//  取得查询结果
			if ($query = mysqli_query($link, $sql)) {
				$num_rows = mysqli_num_rows($query);
				mysqli_free_result($query);
				if ($num_rows != 1) {
					mysqli_close($link);
					die (ECHO_ERROR_NAME_OR_PASSWORD);
				}			
			} else {
				mysqli_close($link);
				die(ECHO_MYSQL_ERROR_QUERY_TABLE_TO_FIND);
			}
			$newpassword = md5($controlname.$newpassword.$controlname);
			$sql = "update ".DB_MANAGER_TAB." set `password` = '".$newpassword."' where `managername` = '".$controlname."'";
			if (mysqli_query($link, $sql)) {
			} else {
				mysqli_close($link);
				die(ECHO_MYSQL_ERROR_QUERY_TABLE_TO_CHANGE);
			}
			$_SESSION["ceo"] = false;
		}
		echo ECHO_OK;		
	} else if ($regflag == FLAG_DEL) {
		// 删除表的内容
		if (isset($REQUEST["passwd"])) {//子用户或者超级用户删除自己，需要密码
			$password = $REQUEST["passwd"];
			if ($password == "") {
				mysqli_close($link);
				die (ECHO_NO_INPUTPASSWORD);
			}
			$password = md5($controlname.$password.$controlname);
			$sql = "select * from ".DB_MANAGER_TAB." where `managername` = '".$controlname."' and `password` = '".$password."'";
			if ($query = mysqli_query($link, $sql)) {
				$num_rows = mysqli_num_rows($query);
				if ($num_rows != 1) {
					mysqli_close($link);
					die (ECHO_ERROR_NAME_OR_PASSWORD);
				}
				$row = mysqli_fetch_assoc($query);
				$power = $row["powertype"];
				$leaderid = $row["leaderid"];			
				if ($power == 65535 && $leaderid == 0) {
					$sql = "delete from ".DB_MANAGER_TAB." where `managername` = '".$controlname."'";
					mysqli_query($link, $sql) or die(ECHO_MYSQL_ERROR_QUERY_TABLE_TO_DEL);
					
					$sql = "drop table if exists ".SetDB_USER_TAB($controlname);	
					mysqli_query($link, $sql) or die (ECHO_MYSQL_ERROR_DEL_TABLE);
					
					$sql = "drop table if exists ".SetDB_CMD_TAB($controlname);	
					mysqli_query($link, $sql) or die (ECHO_MYSQL_ERROR_DEL_TABLE);	
			
					$sql = "drop table if exists ".SetDB_FILE_TAB($controlname);	
					mysqli_query($link, $sql) or die (ECHO_MYSQL_ERROR_DEL_TABLE);	
			
					$sql = "drop table if exists ".SetDB_MODE_TAB($controlname);	
					mysqli_query($link, $sql) or die (ECHO_MYSQL_ERROR_DEL_TABLE);
	
					$sql = "drop table if exists ".SetDB_PLAYLIST_TAB($controlname);	
					mysqli_query($link, $sql) or die (ECHO_MYSQL_ERROR_DEL_TABLE);			
					
					$sql = "drop table if exists ".SetDB_SERVER_TAB($controlname);	
					mysqli_query($link, $sql) or die (ECHO_MYSQL_ERROR_DEL_TABLE);
	
					$sql = "drop table if exists ".SetDB_EXE_TAB($controlname);	
					mysqli_query($link, $sql) or die (ECHO_MYSQL_ERROR_DEL_TABLE);
					
					$sql = "drop table if exists ".SetDB_QUENE_TAB($controlname);	
					mysqli_query($link, $sql) or die (ECHO_MYSQL_ERROR_DEL_TABLE);
		
					$sql = "drop table if exists ".SetDB_LINE_TAB($controlname);	
					mysqli_query($link, $sql) or die (ECHO_MYSQL_ERROR_DEL_TABLE);
					
					$path = "upload/".md5($controlname.DB_PWD.$controlname)."/";
					unlink($path);
					
					$_SESSION["ceo"] = false;
				}
				mysqli_free_result($query);
			} else {
				die(ECHO_MYSQL_ERROR_QUERY_TABLE_TO_FIND);
			}
			echo ECHO_OK;
		} else {//超级用户直接删除子用户，不需要密码
			if (isset($REQUEST["leaderid"])) {
				$inputid = $REQUEST["leaderid"];
				if ($inputid == "") {
					mysqli_close($link);
					die (ECHO_NO_LEADERID);
				}
			} else {
				mysqli_close($link);
				die (ECHO_NO_LEADERID);
			}					

			$sql = "select * from ".DB_MANAGER_TAB." where `managername` = '".$controlname."' and `leaderid` = '".$inputid."'";
			if ($query = mysqli_query($link, $sql)) {
				$num_rows = mysqli_num_rows($query);
				if ($num_rows != 1) {
					mysqli_close($link);
					die (ECHO_ERROR_NAME_OR_PASSWORD);
				}
				mysqli_free_result($query);
			} else {
				mysqli_close($link);
				die(ECHO_MYSQL_ERROR_QUERY_TABLE_TO_FIND);
			}

			$sql = "delete from ".DB_MANAGER_TAB." where `managername` = '".$controlname."'";
			if ($query = mysqli_query($link, $sql)) {
				echo ECHO_OK;
			} else {
				mysqli_close($link);
				die(ECHO_MYSQL_ERROR_QUERY_TABLE_TO_DEL);
			}
		}
	}
} else if ($regflag == FLAG_REG) {
	// 创建表单
	$sql = "create table if not exists ".DB_MANAGER_TAB." (
		id int unsigned auto_increment primary key,
		`managername` varchar(16),
		`password` varchar(36),
		`powertype` int unsigned,
		`leaderid` int unsigned)";
	if (mysqli_query($link, $sql)) {
	} else {
		die (ECHO_MYSQL_ERROR_CREATE_TABLE);	
	}
		
	$sql = "CREATE TABLE if not exists ".DB_DOWNLOAD_TAB." (
		`manager` VARCHAR(16) NULL,
		`machine` INT(6) NULL,
		`onlinetime` INT(12) NULL,
		`expand` VARCHAR(16) NULL)";
	if (mysqli_query($link, $sql)) {
	} else {
		die (ECHO_MYSQL_ERROR_CREATE_TABLE);		
	}
	
	$sql = "CREATE TABLE if not exists ".DB_LIMIT_TAB." (
		`maxdownload` INT(6) NULL,
		`expands` VARCHAR(16) NULL)";
	if (mysqli_query($link, $sql)) {
	} else {
		die (ECHO_MYSQL_ERROR_CREATE_TABLE);	
	}
	
	$sql = "select * from ".DB_LIMIT_TAB;
	$query = mysqli_query($link, $sql);
	$num_rows = mysqli_num_rows($query);
	if ($num_rows == 0) {//not have
		$sql = "INSERT INTO `limit_table` (`maxdownload`) VALUES ('0')";
		if (mysqli_query($link, $sql)) {
		} else {
			die (ECHO_MYSQL_ERROR_QUERY_TABLE_TO_INSERT);
		}
	}
		
	$sql = "select * from ".DB_MANAGER_TAB." where `managername` = '".$controlname."'";
	//  取得查询结果
	if ($query = mysqli_query($link, $sql)) {
		$num_rows = mysqli_num_rows($query);
		mysqli_free_result($query);
		if ($num_rows != 0) {
			die (ECHO_EXIST_MANAGER);
		}
	}
	
	if (isset($REQUEST["power"])) {
		$power = $REQUEST["power"];
		if ($power == "")
			die (ECHO_NO_POWERTYPE);	 	
	}	else {
		die (ECHO_NO_POWERTYPE);
	}	
	
	if (isset($REQUEST["leaderid"])) {
		$leaderid = $REQUEST["leaderid"];
		if ($leaderid == "")
			die (ECHO_NO_LEADERID); 	
	}	else {
		die (ECHO_NO_LEADERID);
	}		
	
	//增加表的内容	
	$password = md5($controlname.$password.$controlname);
	if ($leaderid != 0) {
		$sql = "select * from ".DB_MANAGER_TAB." where `id` = '".$leaderid."'";
		if ($query = mysqli_query($link, $sql)) {
			$num_rows = mysqli_num_rows($query);
			mysqli_free_result($query);
			if ($num_rows == 0) {
				die (ECHO_NO_LEADERID);				
			}			
		} else {
			die(ECHO_MYSQL_ERROR_QUERY_TABLE_TO_FIND);
		}
	}
	$sql = "insert into ".DB_MANAGER_TAB." (`managername`,`password`,`powertype`,`leaderid`) values ('".$controlname."','".$password."','".$power."','".$leaderid."')";
		mysqli_query($link, $sql) or die(ECHO_MYSQL_ERROR_QUERY_TABLE_TO_INSERT);
		
	if ($power == 65535 && $leaderid == 0) {
			//创建表单
		$sql = "create table if not exists ".SetDB_USER_TAB($controlname)."(
			`username` varchar(16),
			`alias` varchar(16),
			`groupname` varchar(16),
			`remarks` varchar(256),
			`extrainfo` BIGINT(32),
			`cardnum` varchar(12),
			`modexml` varchar(12),
			`playlistxml` varchar(16),
			`userip` varchar(20), 
			`loginmode` varchar(1),
			`online_time` varchar(20),
			`login_time` varchar(20),
			`ver` varchar(16),
			`free` int unsigned,
			`all` int unsigned,
			`volume` int unsigned,
			`downloadfile` varchar(256),
			`downloadper` int unsigned,
			`playfile` varchar(256),
			`terminalfile` mediumtext,
			`alarm` varchar(48),
			`gps` varchar(32),
			`mcu` varchar(6),
			`wifi` int unsigned,
			`downloadspeed` int unsigned,
			`network` int unsigned,
			`expand` varchar(64),
			`error` int unsigned,
			`gprslimit` varchar(32),
			`audiolimit` varchar(16))";			
		mysqli_query($link, $sql) or die(ECHO_MYSQL_ERROR_CREATE_TABLE);
				
		$sql = "create table if not exists ".SetDB_CMD_TAB($controlname)."(
			id int unsigned auto_increment primary key, 
			`date` varchar(20),
			`username` varchar(16), 
			`cmd` varchar(2048),
			`explain` varchar(2048),
			`state` varchar(2),
			`type` varchar(2),
			`extrainfo` varchar(32))";			
		mysqli_query($link, $sql) or die(ECHO_MYSQL_ERROR_CREATE_TABLE);
		
		$sql = "create table if not exists ".SetDB_FILE_TAB($controlname)."(
			`filename` varchar(256),
			`date` varchar(20),
			`size` int unsigned, 
			`md5` varchar(32),
			`extrainfo` varchar(16),
			`encrypt` int unsigned,
			`typestr` varchar(16),
			`line` mediumtext,
			`limittime` int(10),
			`quene` int(10),
			`id` int unsigned auto_increment primary key,
			`username` varchar(16),
			`userinfo` varchar(64),
			`userlimit` int(6),
			`userpasswd` varchar(16),
			`time` int(8))";
		mysqli_query($link, $sql) or die(ECHO_MYSQL_ERROR_CREATE_TABLE);
						
		$sql = "create table if not exists ".SetDB_MODE_TAB($controlname)."(
			id int unsigned auto_increment primary key, 
			`exist` varchar(1),
			`extrainfo` varchar(16))";
		mysqli_query($link, $sql) or die(ECHO_MYSQL_ERROR_CREATE_TABLE);
					
		$sql = "select * from ".SetDB_MODE_TAB($controlname);
		if ($query = mysqli_query($link, $sql)) {
			$num_rows = mysqli_num_rows($query);
			if ($num_rows == 0) {			
				for ($num_rows = 0; $num_rows < 999; $num_rows++) {	
					$sql = "insert into ".SetDB_MODE_TAB($controlname)." (`exist`,`extrainfo`) values ('0','')";
					mysqli_query($link, $sql) or die(ECHO_MYSQL_ERROR_QUERY_TABLE_TO_INSERT);	
				}
			}
		}

		$sql = "create table if not exists ".SetDB_PLAYLIST_TAB($controlname)."(
			id int unsigned auto_increment primary key, 
			`exist` varchar(1),
			`extrainfo` varchar(16))";
		mysqli_query($link, $sql) or die(ECHO_MYSQL_ERROR_CREATE_TABLE);
					
		$sql = "select * from ".SetDB_PLAYLIST_TAB($controlname);
		if ($query = mysqli_query($link, $sql)) {
			$num_rows = mysqli_num_rows($query);
			if ($num_rows == 0) {						
				for ($num_rows = 0; $num_rows < 999; $num_rows++) {	
					$sql = "insert into ".SetDB_PLAYLIST_TAB($controlname)." (`exist`,`extrainfo`) values ('0','')";
					mysqli_query($link, $sql) or die(ECHO_MYSQL_ERROR_QUERY_TABLE_TO_INSERT);	
				}
			}
		}
						
		$sql = "create table if not exists ".SetDB_SERVER_TAB($controlname)."(
			`servername` varchar(12),
			`alias` varchar(16),
			`remarks` varchar(256),
			`online_time` varchar(20),
			`state` int unsigned,
			`list` varchar(16),
			`replaceflag` int unsigned,
			`serverip` varchar(15),
			`mask` varchar(15),
			`gateway` varchar(15),
			`version` varchar(6),
			`err` varchar(1),
			`info` varchar(256),
			`lastofftime` int unsigned,
			`lastontime` int unsigned,
			`restartcount` int unsigned)";
		mysqli_query($link, $sql) or die(ECHO_MYSQL_ERROR_CREATE_TABLE);						
					
		$sql = "create table if not exists ".SetDB_EXE_TAB($controlname)."(
			id int unsigned auto_increment primary key,		
			`username` varchar(16),
			`date` varchar(20),
			`type` varchar(2),
			`remarks` varchar(256),
			`extrainfo` varchar(32))";
		mysqli_query($link, $sql) or die(ECHO_MYSQL_ERROR_CREATE_TABLE);					
			
		$sql = "create table if not exists ".SetDB_QUENE_TAB($controlname)."(
			`filename` varchar(256),
			`line` mediumtext,
			`quene` int unsigned)";
		mysqli_query($link, $sql) or die(ECHO_MYSQL_ERROR_CREATE_TABLE);						
				
		$sql = "create table if not exists ".SetDB_LINE_TAB($controlname)."(
			`groupname` varchar(16),
			`textfile` varchar(256),
			`gpsfile` varchar(256))";
		mysqli_query($link, $sql) or die(ECHO_MYSQL_ERROR_CREATE_TABLE);	
	
		$path = "upload/".md5($controlname.DB_PWD.$controlname)."/";
      echo $path;
		if (file_exists($path) == false) {
			mkdir($path);
		}
		$path = $path."tmp/";
		if (file_exists($path) == false) {
			mkdir($path);
		}
	}
	echo ECHO_OK;
} else {
	mysqli_close($link);
	die (ECHO_NO_REGFLAG);
}
mysqli_close($link);
?>